We've recently been the recipient of an increase in spam and I'd like to determine the IP that the spam is coming from. My hope is that it will be coming from a limited number of IPs that I can manually block.

Okay, then perhaps you can suggest a better alternative.
– Windows Ninja, Mar 13 '12 at 19:35

Look into assp.sourceforge.net for an effective spam filter. Don't use Bayesian scanning or at least only as a last resort. Use things such as greylisting, valid HELO checking and rDNS checks.
– aseq, Mar 13 '12 at 19:42

1 Answer

The "Received:" headers on the message will give you the source server, as would Exchange's Message Tracking functionality. Having said that, it's hopeless to think that you can prevent any significant quantity of spam by manually blocking the IP addresses of SMTP servers sending you messages if you're receiving mail from the Internet.

You'd be better off looking at a third-party hosted or on-premise anti-spam solution, or at the very least, looking at the anti-spam functionality built into Exchange (meager though it is). You absolutely don't stand a chance of keeping up with blocking spam manually.

Thanks, this is the answer I was looking for. We already have Symantec Mail Security but some domain registrar scams have been finding their way past it recently. I guess I'll need to lower the spam score threshold to see if that will resolve things. Thanks!
– Windows Ninja, Mar 13 '12 at 19:44

Postini is pretty cheap, couple bucks a mailbox per month, and is a hosted gateway solution so keeps the spam from even hitting your perimeter network. Plus the spooling feature is a godsend when doing maintenance or when there's an unexpected outage.
– gravyface, Mar 13 '12 at 19:47

Thanks for the recommendation gravyface...I'm going to look into that immediately.
– Windows Ninja, Mar 14 '12 at 12:21
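
The answer's point about reading the "Received:" headers, as an added example that is not part of the original thread: it takes the connecting IP from the first header stamped by your own gateway and tallies it across a batch of spam samples, which goes slightly beyond the single-message case. The gateway name `mx.example.org`, the helper names and the sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from collections import Counter

# An address in brackets or parentheses, e.g. "[203.0.113.7]" or "(203.0.113.7)".
ADDR = re.compile(r"[\[(](?:IPv6:)?([0-9A-Fa-f:.]+)[\])]")

def source_ip(raw_message, our_mx="mx.example.org"):
    """Return the IP that connected to our_mx (a hypothetical gateway name), or None.

    Received headers are prepended, so read top-down and trust only the first one
    stamped by our own gateway; anything below it can be forged by the sender."""
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        unfolded = " ".join(header.split())
        from_part, _, by_part = unfolded.partition(" by ")
        by_host = by_part.split(" ", 1)[0].rstrip(";").lower()
        if by_host != our_mx.lower():
            continue  # internal relay hop above the gateway, or not our header
        for candidate in ADDR.findall(from_part):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # looked like an address but was a host name
        return None  # gateway header had no parsable address; do not read lower
    return None

def tally_sources(raw_messages, our_mx="mx.example.org"):
    # Count connecting IPs across the samples, most frequent first.
    counts = Counter(source_ip(m, our_mx) for m in raw_messages)
    counts.pop(None, None)
    return counts.most_common()

def make_sample(*received):
    # Constructed test message: Received headers top-down, then a stub body.
    stamp = "; Tue, 13 Mar 2012 19:00:00 +0000\n"
    return "".join(f"Received: {r}{stamp}" for r in received) + "Subject: x\n\nbody\n"

SAMPLES = [  # constructed; documentation-range addresses and .test/.example names
    make_sample("from hub.example.org (10.0.0.6) by mbx.example.org with ESMTP",
                "from mail.sender.test (203.0.113.7) by mx.example.org with ESMTP",
                "from bank.test ([198.51.100.1]) by mail.sender.test with SMTP"),
    make_sample("from other.test (other.test [203.0.113.7]) by mx.example.org with ESMTP"),
    make_sample("from third.test ([IPv6:2001:db8::25]) by mx.example.org with ESMTP"),
]

if __name__ == "__main__":
    for ip, n in tally_sources(SAMPLES):
        print(f"{n:3d}  {ip}")
```

The first sample shows why only the gateway's own header is used: the internal hop above it and the sender-supplied header below it are both skipped.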